From 00ef791078ec318f663b0cffdb18fd928394d591 Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Tue, 7 Feb 2017 23:34:39 -0800
Subject: fuzz: Use libFuzzer instead of afl-fuzz

This allows us to have faster fuzz cycles since the fuzzer is in-process.
---
 Makefile | 11 +++++++----
 tests/fuzz_parse.cpp | 18 ++++++++----------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/Makefile b/Makefile
index f9b26d6..e483e02 100644
--- a/Makefile
+++ b/Makefile
@@ -68,10 +68,9 @@ test: $(EXECUTABLE)
 ./$(EXECUTABLE)
 endif
-fuzz:
- @mkdir -p $(BUILD)
- $(AFL)/afl-clang++ tests/fuzz_parse.cpp tests/allocator.cpp src/pugixml.cpp $(CXXFLAGS) -o $(BUILD)/fuzz_parse
- $(AFL)/afl-fuzz -i tests/data_fuzz_parse -o $(BUILD)/fuzz_parse_out -x $(AFL)/testcases/_extras/xml/ -- $(BUILD)/fuzz_parse @@
+fuzz_%: $(BUILD)/fuzz_%
+ @mkdir -p build/$@
+ $< build/$@ tests/data_$*
 clean:
 rm -rf $(BUILD)
@@ -87,6 +86,10 @@ build/pugixml-%: .FORCE | $(RELEASE)
 $(EXECUTABLE): $(OBJECTS)
 $(CXX) $(OBJECTS) $(LDFLAGS) -o $@
+$(BUILD)/fuzz_%: tests/fuzz_%.cpp src/pugixml.cpp
+ @mkdir -p $(BUILD)
+ clang++ $(CXXFLAGS) -fsanitize=address -fsanitize-coverage=trace-pc-guard $^ libFuzzer.a -o $@
+
 $(BUILD)/%.o: %
 @mkdir -p $(dir $@)
 $(CXX) $< $(CXXFLAGS) -c -MMD -MP -o $@
diff --git a/tests/fuzz_parse.cpp b/tests/fuzz_parse.cpp
index e758196..94c610a 100644
--- a/tests/fuzz_parse.cpp
+++ b/tests/fuzz_parse.cpp
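Review bot: The new `fuzz_%` recipe hard-codes `build/` in `@mkdir -p build/$@` and `$< build/$@ tests/data_$*`, while its own prerequisite `$(BUILD)/fuzz_%` and the rest of the Makefile use `$(BUILD)`, so the corpus directory lands outside the build tree whenever `BUILD` is overridden and `clean` does not remove it. `@mkdir -p $(BUILD)/$@` and `$< $(BUILD)/$@ tests/data_$*` keep everything under one variable. Since the first directory argument is where libFuzzer writes newly discovered inputs and the second is only read as seeds, a recipe comment such as `# first dir: output corpus; second dir: seed inputs` would make the argument order self-explanatory.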
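Review bot: In the `$(BUILD)/fuzz_%` rule, `libFuzzer.a` is linked from a bare relative path but is not a prerequisite, so a missing or stale archive only surfaces as a link error and never triggers a relink; moving it behind a variable (`LIBFUZZER ?= libFuzzer.a`) and adding it to the prerequisite list makes the external requirement visible to `make` and to readers. The recipe also calls `clang++` directly instead of `$(CXX)`; that is presumably deliberate because `-fsanitize-coverage=trace-pc-guard` is a clang flag, but a comment like `# libFuzzer needs clang's sanitizer-coverage instrumentation, so $(CXX) is not used here` would stop a future cleanup from reverting it. Consider whether `-fsanitize=address,undefined` is wanted at the same time, as the previous afl build had no sanitizer at all and UBSan adds little cost to a parser harness.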
@@ -1,16 +1,14 @@
 #include "../src/pugixml.hpp"
-#include "allocator.hpp"
-int main(int argc, const char** argv)
-{
- pugi::set_memory_management_functions(memory_allocate, memory_deallocate);
+#include
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
 pugi::xml_document doc;
- for (int i = 1; i < argc; ++i)
- {
- doc.load_file(argv[i]);
- doc.load_file(argv[i], pugi::parse_minimal);
- doc.load_file(argv[i], pugi::parse_full);
- }
+ doc.load_buffer(Data, Size);
+ doc.load_buffer(Data, Size, pugi::parse_minimal);
+ doc.load_buffer(Data, Size, pugi::parse_full);
+
+ return 0;
 }
-- cgit v1.2.3
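Review bot: The added `#include` on the second line shows no header name on this page (the angle-bracket target was most likely lost in rendering); `uint8_t` and `size_t` in the `LLVMFuzzerTestOneInput` signature require `<stdint.h>` and `<stddef.h>` (or `<cstdint>`/`<cstddef>`), so confirm the committed file names them rather than relying on transitive includes from `pugixml.hpp`. The three `load_buffer` calls deserve a one-line comment stating why the same bytes are parsed three times, e.g. `// parse with default, minimal and full option sets so every flag-dependent parser path sees the input`. Dropping `allocator.hpp` and `set_memory_management_functions` means out-of-bounds detection now rests entirely on the `-fsanitize=address` flag in the Makefile rule from this same commit; that is a sensible trade, but a short comment in the harness noting that memory checking is provided by the sanitizer build would keep the two files from drifting apart.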